
HTTPS support (#295).

There are new settings in the global POM (resp. in `config.properties` for the binary distribution):
{{{
<org.osgi.service.http.port.secure>4433</org.osgi.service.http.port.secure>
<org.apache.felix.http.enable>true</org.apache.felix.http.enable>
<org.apache.felix.https.enable>false</org.apache.felix.https.enable>
<org.apache.felix.https.keystore.password></org.apache.felix.https.keystore.password>
<org.apache.felix.https.keystore.key.password></org.apache.felix.https.keystore.key.password>
}}}

To enable HTTPS you need a server certificate first.
One easy way is to create a self-signed certificate:
    1) `keytool -genkey`
    2) Enter a keystore password
    3) Enter your name and organization
    4) Enter a key password
A file `.keystore` is created in your home directory.

Then set the properties in the global POM (resp. `config.properties`)
    5) set `org.apache.felix.https.enable` to `true`.
    6) set `org.apache.felix.https.keystore.password` to the password you chose in step 2)
    7) set `org.apache.felix.https.keystore.key.password` to the password you chose in step 4)
    8) start DeepaMehta (as usual by `mvn pax:run`)

Optionally you can choose the port to be used for HTTPS by setting the `org.osgi.service.http.port.secure` property.
Note: using a port below 1000 requires root permission.

You can run HTTP and HTTPS in parallel or HTTPS exclusively.
To disable HTTP set `org.apache.felix.http.enable` to `false`.

The Webclient is automatically launched via the enabled protocol.
If both protocols are enabled the Webclient is launched via HTTPS.

See ticket 295.
1 parent 39ba447 commit 6b5c7998c26d3439d765739e3306ddaaae343054 @jri committed Aug 29, 2012
@@ -1,10 +1,28 @@
+### Webserver ###
+
org.osgi.service.http.port = ${org.osgi.service.http.port}
-org.osgi.framework.storage = bundle-cache
-felix.log.level = ${felix.log.level}
-felix.auto.deploy.action = install,start
+org.osgi.service.http.port.secure = ${org.osgi.service.http.port.secure}
+org.apache.felix.http.enable = ${org.apache.felix.http.enable}
+org.apache.felix.https.enable = ${org.apache.felix.https.enable}
+org.apache.felix.https.keystore.password = ${org.apache.felix.https.keystore.password}
+org.apache.felix.https.keystore.key.password = ${org.apache.felix.https.keystore.key.password}
+
+### Request Filter ###
+
+# Requests are allowed from this subnet only.
+# An address range denoted by network number and netmask.
+# To allow local access only specify "127.0.0.1/32". This is the default.
+# To allow global access specify "0.0.0.0/0".
+dm4.security.subnet_filter = ${dm4.security.subnet_filter}
+dm4.security.read_requires_login = ${dm4.security.read_requires_login}
+dm4.security.write_requires_login = ${dm4.security.write_requires_login}
+
+### Database ###
dm4.database.path = ${dm4.database.path}
+### File Repository ###
+
# The file repository's root directory.
# Mac OS X/Linux: An absolute path with *no* slash at the end.
# To enable the entire file system specify an empty string (instead of "/"). This is the default.
@@ -13,11 +31,12 @@ dm4.database.path = ${dm4.database.path}
# To enable an entire drive specify the drive letter followed by colon, e.g. "C:".
# To enable the entire C: drive, you can specify an empty string as a shortcut. This is the default.
dm4.filerepo.path = ${dm4.filerepo.path}
-# Remote access filter: an address range specified by network number and netmask.
-# To allow only local access specify "127.0.0.1/32". This is the default.
-dm4.security.subnet_filter = ${dm4.security.subnet_filter}
-dm4.security.read_requires_login = ${dm4.security.read_requires_login}
-dm4.security.write_requires_login = ${dm4.security.write_requires_login}
+
+### Misc ###
+
+org.osgi.framework.storage = bundle-cache
+felix.log.level = ${felix.log.level}
+felix.auto.deploy.action = install,start
java.util.logging.config.file = ${java.util.logging.config.file}
file.encoding = UTF-8
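Review bot: The two keystore password lines in the new Webserver block put the keystore and key passwords into `config.properties` in clear text, and the same values are entered in the `<properties>` of the global `pom.xml` changed by this commit, which is a tracked file. Nothing next to these keys tells the operator how to protect them. I would add a comment above them such as `# Keystore passwords are stored in clear text; restrict read access to this file to the account running DeepaMehta.` For the POM, a comment advising that real values come from a local, untracked Maven profile rather than an edit to the tracked file would keep passwords out of version control.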
@@ -17,7 +17,7 @@
<version>4.0.12-SNAPSHOT</version>
</parent>
- <!-- These 2 properties are overridden. We must use relative paths for the distribution. -->
+ <!-- These 2 properties are overridden. For the distribution we must use relative paths. -->
<properties>
<java.util.logging.config.file>conf/logging.properties</java.util.logging.config.file>
<dm4.database.path>deepamehta-db</dm4.database.path>
@@ -253,7 +253,16 @@ private Type getType(Topic viewConfig) {
// === Webclient Start ===
private String getWebclientUrl() {
- String port = System.getProperty("org.osgi.service.http.port");
- return "http://localhost:" + port + "/de.deepamehta.webclient/";
+ boolean isHttpsEnabled = Boolean.valueOf(System.getProperty("org.apache.felix.https.enable"));
+ String protocol, port;
+ if (isHttpsEnabled) {
+ // Note: if both protocols are enabled HTTPS takes precedence
+ protocol = "https";
+ port = System.getProperty("org.osgi.service.http.port.secure");
+ } else {
+ protocol = "http";
+ port = System.getProperty("org.osgi.service.http.port");
+ }
+ return protocol + "://localhost:" + port + "/de.deepamehta.webclient/";
}
}
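Review bot: `getWebclientUrl()` concatenates whatever `System.getProperty` returns, so when `org.osgi.service.http.port.secure` is not set (for instance an existing `config.properties` that only gains `org.apache.felix.https.enable`) the launched URL becomes `https://localhost:null/de.deepamehta.webclient/`. A fallback would avoid that, e.g. `port = System.getProperty("org.osgi.service.http.port.secure", DEFAULT_HTTPS_PORT);` where `DEFAULT_HTTPS_PORT` is a new constant matching the web server's own default. The `else` branch also returns an `http` URL when `org.apache.felix.http.enable` is `false` and HTTPS is off, so a log message for that case would help. As a style point, `Boolean.getBoolean("org.apache.felix.https.enable")` reads the flag without the boxing that `Boolean.valueOf` introduces.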
13 pom.xml
@@ -17,13 +17,21 @@
<relativePath>modules/dm4-parent/pom.xml</relativePath>
</parent>
- <!-- Note: the dm4.database.path property is required by both, the 'run' and the 'neo4j' profile. -->
- <!-- The other dm4.* properties are required by 'run' only. They are placed here for clarity. -->
<properties>
+ <!-- Webserver -->
+ <org.osgi.service.http.port>8080</org.osgi.service.http.port>
+ <org.osgi.service.http.port.secure>4433</org.osgi.service.http.port.secure>
+ <org.apache.felix.http.enable>true</org.apache.felix.http.enable>
+ <org.apache.felix.https.enable>false</org.apache.felix.https.enable>
+ <org.apache.felix.https.keystore.password></org.apache.felix.https.keystore.password>
+ <org.apache.felix.https.keystore.key.password></org.apache.felix.https.keystore.key.password>
+ <!-- Request Filter -->
<dm4.security.read_requires_login>false</dm4.security.read_requires_login>
<dm4.security.write_requires_login>true</dm4.security.write_requires_login>
<dm4.security.subnet_filter>127.0.0.1/32</dm4.security.subnet_filter>
+ <!-- Database -->
<dm4.database.path>${project.basedir}/deepamehta-db</dm4.database.path>
+ <!-- File Repository -->
<dm4.filerepo.path></dm4.filerepo.path>
</properties>
@@ -34,7 +42,6 @@
<activeByDefault>true</activeByDefault>
</activation>
<properties>
- <org.osgi.service.http.port>8080</org.osgi.service.http.port>
<file.encoding>UTF-8</file.encoding>
<java.util.logging.config.file>
${project.basedir}/modules/dm4-distribution/conf/logging.properties
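Review bot: In the first hunk `org.apache.felix.http.enable` stays `true` by default, so after following the HTTPS steps the server still answers on port 8080 in clear text, and a login required by `dm4.security.write_requires_login` can presumably still be sent over HTTP. With the default `127.0.0.1/32` subnet filter this is local only, but it matters once the filter is widened. I would add a comment on that property, e.g. `<!-- Set to false when HTTPS is enabled and dm4.security.subnet_filter allows remote clients, so credentials are not sent in clear text -->`. The second hunk only moves the port property and needs no change.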
